The U.S. military has a method of qualifying experience in the form of examination.

After years of studies, the Department of Defense realised that Soldiers, Sailors, Airman and Marines while trained in equal settings, advanced differently.

For example; A Sailor (during initial training) must attain a standard for that grade...in that career field.

After a certain rank is achieved, the sailor in question is EXPECTED to learn advanced topics, and is tested on said topics.

These topics are defined well in advance...manuals/books for study are available.

Testing for the next available grade/rank are weighed on performance FROM THEST TESTS.

In other words...OK...you have been in the career field for 10 years. Lets find out if you know what you are talking about. SOUND FAMILIAR???

Performance on those tests helps to determine who gets promoted and who doesn't.

So...after all this is said and done. Mr. Forno (or his publisher) actively markets his CISSP certification in an effort to sell more books.
(see http://www.upublish.com/books/infowar.htm )

This is a good thing. Dummies do not pass the CISSP exam. In a previous post, a lady/gentleman mentions that although she/he has 10 years experience and considers herself/himself and expert in the field is amazingly surprised to have passed the exam. Maybe that individual is selling herself/himself short.

Certifications provide a tangible method to determine performance rather than an individual who thinks he / she is sharp just because that individual knows how to research google.com like nobodies business.

People selling the CISSP exam short are ignorant. ISC2 is a viable organization and the exam encompasses a very diverse subject matter area. (John Lasser's comments notwithstanding).

In the same breath, SANS certifications are not some kind of holy grail. They are new and therefore HOT. However, Cisco, Sun, and Microsoft actually develop a product and test on competency with that product. Don't sell those vendors short.

I'll take a Solaris Certified System Administrator with 10 years experience over a non SCSA with 10 years experience any day of the week.

WHY???Because the one that has the certification had the balls to stick her/his neck out there and get it done.

PS* If you get a certification, be wary of your colleagues who want to see you fail. If you have a CCIE for example, it is very common for a person calling herself/himself a network engineer to do some google.com research on an esoteric command just prior to your arrival in an effor to troubleshoot the 'expert' CCIE.

Hugs and Kisses,
M. Brian Bost

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/118/16939#16939